b'     Department of Homeland Security\n\n     \xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\xef\xbf\xbd\n\n\n The Office of Financial Management\xe2\x80\x99s Management \n\n Letter for FY 2013 DHS Financial Statements Audit\n\n\n\n\n\nOIG-14-75                                  April 2014\n\n\x0c                         OFFICE OF INSPECTOR GENERAL\n                                Department of Homeland Security\n                                Washington, DC 20528 / www.oig.dhs.gov\n\n\n                                       APR 23 2014\n\n\nMEMORANDUM FOR:\t                Jeffrey Bobich\n                                Director\n                                Office of Financial Management\n                          for\nFROM:\t                          Anne L. Richards\n                                Assistant Inspector General for Audits\n\nSUBJECT:\t                       The Office of Financial Management\xe2\x80\x99s Management Letter\n                                for FY 2013 DHS Financial Statements Audit\n\nAttached for your information is our final report, The Office of Financial Management\xe2\x80\x99s\nManagement Letter for FY 2013 DHS Financial Statements Audit. This report contains\nthree comments and eight recommendations related to internal control deficiencies\nthat were not required to be reported in the Independent !uditors\xe2\x80\x99 Report on DHS\xe2\x80\x99 FY\n2013 Financial Statements and Internal Control over Financial Reporting. Internal control\ndeficiencies which are considered significant deficiencies were reported, as required, in\nthe Independent !uditors\xe2\x80\x99 Report, dated December 11, 2013, which was included in the\nDepartment of Homeland Security\xe2\x80\x99s (DHS) fiscal year (FY) 2013 Agency Financial Report.\nWe do not require management\xe2\x80\x99s response to the recommendations.\n\nWe contracted with the independent public accounting firm KPMG LLP (KPMG) to\nconduct the audit of the DHS\xe2\x80\x99 FY 2013 financial statements and internal control over\nfinancial reporting. The contract required that KPMG perform its audit according to\ngenerally accepted government auditing standards and guidance from the Office of\nManagement and Budget and the Government Accountability Office. KPMG is\nresponsible for the attached management letter dated January 15, 2014, and the\nconclusions expressed in it.\n\nPlease call me with any questions, or your staff may contact Mark Bell, Deputy Assistant\nInspector General for Audits, at (202) 254-4100.\n\nAttachment\n\x0c                                 KPMG LLP\n                                 Suite 12000\n                                 1801 K Street, NW\n                                 Washington, DC 20006\n\n\n\n\nJanuary 15, 2014\n\n\nOffice of Inspector General\nU.S. Department of Homeland Security, and\nChief Financial Officer\nU.S. Department of Homeland Security\nWashington, DC\n\nLadies and Gentlemen:\n\nWe have audited the financial statements of the U.S. Department of Homeland Security (DHS or\nDepartment) for the year ended September 30, 2013 (referred to herein as the \xe2\x80\x9cfiscal year (FY) 2013\nfinancial statements\xe2\x80\x9d), and have issued our report thereon dated December 11, 2013. In planning and\nperforming our audit of the financial statements of DHS, in accordance with auditing standards\ngenerally accepted in the United States of America and Government Auditing Standards, we\nconsidered internal control over financial reporting (internal control) as a basis for designing our\nauditing procedures for the purpose of expressing our opinion on the financial statements. In\nconjunction with our audit of the financial statements, we also performed an audit of internal control\nover financial reporting in accordance with attestation standards established by the American Institute\nof Certified Public Accountants.\nThe Office of Financial Management (OFM) is part of DHS. During our audit, we noted certain\nmatters involving internal control and other operational matters, related to OFM, that are presented for\nyour consideration. These comments and recommendations, all of which have been discussed with the\nappropriate members of management, are intended to improve internal control or result in other\noperating efficiencies. These matters are summarized in the Table of Financial Management\nComments on the following pages. The disposition of each internal control deficiency identified during\nour FY 2013 audit \xe2\x80\x93 as either reported in our Independent Auditors\xe2\x80\x99 Report, or herein \xe2\x80\x93 is presented in\nAppendix A. Our findings related to information technology systems have been presented in a separate\nletter to the DHS Office of Inspector General, the DHS Chief Information Officer, and Chief Financial\nOfficer.\nOur audit procedures are designed primarily to enable us to form an opinion on the financial statements\nand on the effectiveness of internal control over financial reporting, and therefore may not bring to\nlight all weaknesses in policies or procedures that may exist. We aim, however, to use our knowledge\nof DHS\xe2\x80\x99 organization gained during our work to make comments and suggestions that we hope will be\nuseful to you.\nWe would be pleased to discuss these comments and recommendations with you at any time.\nThe purpose of this letter is solely to describe comments and recommendations intended to improve\ninternal control or result in other operating efficiencies. Accordingly, this letter is not suitable for any\nother purpose.\nVery truly yours,\n\n\n\n\n                                 KPMG LLP is a Delaware limited liability partnership,\n                                 the U.S. member firm of KPMG International Cooperative\n                                 (\xe2\x80\x9cKPMG International\xe2\x80\x9d), a Swiss entity.\n\x0c                                  Office of Financial Management\n                             Table of Financial Management Comments\n\n                                         September 30, 2013\n\n\n\n\nTABLE OF FINANCIAL MANAGEMENT COMMENTS (FMC)\n\n\nComment\nReference   Subject                                                                         Page\n\nFMC 13-01   Departmental Standards of Conduct                                                2\nFMC 13-02   Non-Compliance with Financial Disclosure Filing Requirements and Insufficient    2\n            Departmental Guidance\nFMC 13-03   Non-Compliance with Federal Employees\xe2\x80\x99 Health Benefits                           3\n\n\n\n                                           APPENDIX\n\nAppendix    Subject                                                                         Page\n\nA           Crosswalk \xe2\x80\x93 Financial Management Comments to Active Notices of Finding and       5\n            Recommendation (NFRs)\n\n\n\n\n                                                   1\n\n\x0c                                  Department of Homeland Security\n                                  Financial Management Comments\n\n                                        September 30, 2013\n\n\n\n\nFMC 13-01 \xe2\x80\x93 Departmental Standards of Conduct (Notice of Finding and Recommendation (NFR)\nNo. Office of Financial Management (OFM) 13-01)\n\n       During our test work over entity-level controls, we noted that DHS had not issued a Supplemental\n       Standards of Conduct. Although not required, the Department, with the concurrence of the Office\n       of Government Ethics, has determined the need for and developed a Supplemental Standards of\n       Ethical Conduct for Employees of the Department of Homeland Security, which was published as\n       a proposed rule in the Federal Register for public comment on October 12, 2011.\n\n       The proposed regulations would supplement the Office of Government Ethics (OGE) Standards\n       of Ethical Conduct for Employees of the Executive Branch, and would, among other things, set\n       forth employee restrictions on the purchase of certain Government-owned property, and require\n       employees to report allegations of waste, fraud and abuse. The regulations would require\n       employees to seek prior approval for certain outside employment and activities, and designate\n       components within DHS as a separate agency for purposes of determining whether the donor of a\n       gift is a prohibited source. The comment period for the proposed rule ended on December 12,\n       2011.\n\n       Recommendation:\n       We recommend that the Designated Agency Ethics Official (DAEO) complete and issue a final\n       rule, as planned.\n\nFMC 13-02 \xe2\x80\x93 Non-Compliance with Financial Disclosure Filing Requirements and Insufficient\nDepartmental Guidance (NFR No. OFM 13-02)\n\n       During test work over financial disclosure reports at the headquarters Office of Ethics, we\n       identified the following exceptions:\n       \xe2\x80\xa2\t OGE-278 Forms: For one of the 25 samples tested, the filer did not submit the financial\n           disclosure form on time in accordance with OGE filing requirements. Additionally, the form\n           was not submitted within the 30 day grace period.\n       \xe2\x80\xa2\t OGE-450 Forms: For three of the 45 samples tested, the filers did not submit the financial\n           disclosure forms on time in accordance with the OGE filing requirements. Additionally, the\n           forms were not submitted within the 30 day grace period.\n\n       During our review of the Department of Homeland Security Financial Disclosure Reporting\n       Policy, we noted that the policy does not include language regarding the Department\xe2\x80\x99s policy for\n       providing a 30 day grace period for OGE-450 filers. The Code of Federal Regulations (CFR)\n       specifically provides a 30 day grace period for OGE-278 filers, but does not specify a grace\n       period for OGE-450 filers.\n\n       We noted that the DAEO has established a program to periodically review component procedures\n       and implementation of the financial disclosure reporting program as required by the Financial\n       Disclosure Reporting Policy. However, not all components had submitted their implementing\n\n\n\n                                                  2\n\n\x0c                                  Office of Financial Management\n                                 Financial Management Comments\n\n                                        September 30, 2013\n\n\n\n\n      instructions to the DAEO for review and approval as required under the Financial Disclosure\n      Reporting Policy. Consequently, the Headquarters Ethics Office program reviewers were unable\n      to assess compliance with DAEO-approved procedures.\n\n      During testwork over financial disclosure forms at six components, five component audit teams\n      identified findings related to the component financial disclosure processes, such as untimely\n      submission and review, and lack of understanding of filing requirements.\n\n      Recommendations:\n      We recommend that DHS:\n      \xe2\x80\xa2\t Continue to work with employees to ensure they meet required financial disclosure filing\n         deadlines and requirements.\n      \xe2\x80\xa2\t Update the Department of Homeland Security Financial Disclosure Reporting Policy to\n         include language regarding the Department\xe2\x80\x99s policy for providing a 30 day grace period for\n         OGE-450 filers, in order to clarify the filing date requirements per 5 CFR.\n      \xe2\x80\xa2\t Ethics Office continue to track and notify individual filers of due dates, notify them if and\n         when their reports are overdue, and notify component management of delinquencies so that\n         appropriate measures may be taken to compel compliance.\n      \xe2\x80\xa2\t Ethics Office also work with component ethics offices to ensure they establish and implement\n         policies and procedures over their financial disclosure reporting program as required by\n         Departmental policy.\n      \xe2\x80\xa2\t Headquarters Ethics Division continue conducting assist visits for three additional operating\n         components. The assist visits are planned to continue on a rotating cycle. This program,\n         which has written protocols for on-site review and evaluation of component ethics programs,\n         includes follow up after action assessment of program strengths and weaknesses of\n         operational component ethics programs, identification of best practices and recommendations\n         for program improvements.\n\nFMC 13-03 \xe2\x80\x93 Non-Compliance with Federal Employees\xe2\x80\x99 Health Benefits (NFR No. OFM 13-05)\n\n      U.S. Coast Guard\xe2\x80\x99s (USCG or Coast Guard) controls over Federal Employees\xe2\x80\x99 Health Benefits\n      (FEHB) for civilian employees were not fully effective during fiscal year (FY) 2013 to ensure\n      that FEHB contributions are paid in accordance with employee elections. Specifically, during\n      testwork over compliance with various Human Resource laws and regulations, we noted that for\n      one USCG sample of the 64 samples tested on a Department-wide basis, FEHB payments were\n      not properly paid. We noted the USCG employee transferred to USCG from another Federal\n      agency. Upon transfer, USCG did not input the employee\xe2\x80\x99s FEHB election information into the\n      payroll system. As such, no payments were made into the FEHB program on behalf of the\n      employee or employer (USCG) for 24 pay periods, resulting in $9,000 of unpaid employer\n      contributions. Upon recognition of the issue, USCG attempted to make a correcting contribution;\n      however, a clerical error resulted in an actual amount contributed of $93,000.\n\n\n\n\n                                                 3\n\n\x0c                            Office of Financial Management\n                           Financial Management Comments\n                                  September 30, 2013\n\n\n\nRecommendations:\nWe recommend that Coast Guard:\n\xe2\x80\xa2\t Human Resources (HR) operations staff develop a more robust civilian HR review process\n   that incorporates a Payroll Processing Checklist (including Federal benefit\n   information/forms) to ensure the timely input and verification of entry on duty document\n   processing in applicable HR systems.\n\xe2\x80\xa2\t Budget staff modify its standard operating procedures to include a more detailed level review\n   of the payroll accounting system files in addition to the aggregate/object class review that\n   was in place in FY 2013.\n\n\n\n\n                                           4\n\n\x0c                                                                                                             Appendix A\n                                       Office of Financial Management\n                         Crosswalk - Financial Management Comments to Active NFRs\n                                             September 30, 2013\n\n\n                                                                                                  Disposition1\n                                                                                                 IAR                 FMC\n              NFR\nComponent               Description                                                     MW        SD        NC        No.\n              No.\nOFM           13-01     Departmental Standards of Conduct                                                            13-01\n                        Non-Compliance      with    Financial   Disclosure     Filing\nOFM           13-02                                                                                                  13-02\n                        Requirements and Insufficient Departmental Guidance\nOFM           13-03     Inadequate Review of Interim Contingent Legal Liability           A\n                        Inadequate Preparation and Review of Final Contingent Legal\nOFM           13-03a                                                                      A\n                        Liabilities\n                        Inadequate Review of Component-Submitted Transaction by\nOFM           13-04                                                                       A\n                        Elimination Pairs Reports\nOFM           13-05     Non-Compliance with Federal Employees\xe2\x80\x99 Health Benefits                                       13-03\n                        Review of DHS Treasury Information Executive Repository\nOFM           13-06                                                                       A\n                        Financial Statement and Footnote Crosswalks\n                        Inadequate Preparation and Review of Actuarial Federal\nOFM           13-07     Employees\xe2\x80\x99 Compensation Act Liability Allocation                  A\n                        Worksheet\nOFM           13-08     Number not used                                                           Not applicable\n                        Lack of Effective Controls over Accounting for Operating\nOFM           13-09                                                                       A\n                        Leases\nOFM           13-10     Undelivered Orders Department-Wide Analysis                       A\nOFM           13-11     Insufficient Department-Wide Non-GAAP Analysis                    A\n                        Preparation and Review of the Special Purpose Financial\nOFM           13-12                                                                     Note 1\n                        Statements and Notes\n\n\n1\n Disposition Legend:\nIAR\t      Independent Auditors\xe2\x80\x99 Report dated December 11, 2013\nFMC\t      Financial Management Comment\nMW\t       Contributed to a Material Weakness at the Department level when combined with the results of all other components\nSD\t       Contributed to a Significant Deficiency at the Department level when combined with the results of all other\n          components\nNC\t       Contributed to Non-Compliance with laws, regulations, contracts, and grant agreements at the Department level when\n          combined with the results of all other components\nNFR\t      Notice of Finding and Recommendation\n\nCross-reference to the applicable sections of the IAR:\nA         Financial Reporting\nB         Information Technology Controls and Financial Systems Functionality\nC         Property, Plant, and Equipment\nD         Budgetary Accounting\nE         Entity-Level Controls\nF         Liabilities\nG         Grants Management\nH         Custodial Revenue and Drawback\nI         Federal Managers\xe2\x80\x99 Financial Integrity Act of 1982 (FMFIA)\nJ         Federal Financial Management Improvement Act of 1996 (FFMIA)\nK         Single Audit Act Amendments of 1996\n\n\n\n\n                                                             5\n\n\x0c                                                                                                    Appendix A\n                                     Office of Financial Management\n                       Crosswalk - Financial Management Comments to Active NFRs\n\n                                           September 30, 2013\n\n\nL       Antideficiency Act, as amended (ADA)\n\nNote 1: This finding was reporting in the Independent Auditors\xe2\x80\x99 Report on the Special-Purpose Financial Statements\n\n\n\n\n                                                        6\n\n\x0c                              OFFICE OF INSPECTOR GENERAL\n                                  Department of Homeland Security\n\n\n   Appendix A\n   Report Distribution\n   Department of Homeland Security\n\n   Secretary\n   Deputy Secretary\n   Chief of Staff\n   Deputy Chief of Staff\n   General Counsel\n   Executive Secretary\n   Director, GAO/OIG Liaison Office\n   Assistant Secretary for Office of Policy\n   Assistant Secretary for Office of Public Affairs\n   Assistant Secretary for Office of Legislative Affairs\n   Chief Privacy Officer\n\n   Office of Financial Management\n\n   Chief Financial Officer\n   Director, Office of Financial Management\n   Audit Liaison\n\n   Office of Management and Budget\n\n   Chief, Homeland Security Branch\n   DHS OIG Budget Examiner\n\n   Congress\n\n   Congressional Oversight and Appropriations Committees, as appropriate\n\n\n   \xef\xbf\xbd\n\n\n\n\nwww.oig.dhs.gov                                                            OIG-14-75\n\x0cADDITIONAL INFORMATION\n\nTo view this and any of our other reports, please visit our website at: www.oig.dhs.gov.\n\nFor further information or questions, please contact Office of Inspector General (OIG)\nOffice of Public Affairs at: DHS-OIG.OfficePublicAffairs@oig.dhs.gov, or follow us on\nTwitter at: @dhsoig.\n\nOIG HOTLINE\n\nTo expedite the reporting of alleged fraud, waste, abuse or mismanagement, or any\nother kinds of criminal or noncriminal misconduct relative to Department of Homeland\nSecurity (DHS) programs and operations, please visit our website at www.oig.dhs.gov\nand click on the red tab titled "Hotline" to report. You will be directed to complete and\nsubmit an automated DHS OIG Investigative Referral Submission Form. Submission\nthrough our website ensures that your complaint will be promptly received and\nreviewed by DHS OIG.\n\nShould you be unable to access our website, you may submit your complaint in writing\nto:\n\n       Department of Homeland Security \n\n       Office of Inspector General, Mail Stop 0305 \n\n       Attention: Office of Investigations Hotline \n\n       245 Murray Drive, SW \n\n       Washington, DC 20528-0305 \n\n\nYou may also call 1(800) 323-8603 or fax the complaint directly to us at\n(202) 254-4297.\n\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c'